Radiant

Course Description

In this 2-day course, students are provided with a functional understanding of how to deploy, test and maintain F5 SSL Orchestrator to optimize the SSL infrastructure, provide security devices with visibility of SSL/TLS encrypted traffic, and maximize efficient use of that existing security investment.

The course includes lecture, hands-on labs, and discussion about the importance of SSL visability, how F5 SSL Orchestrator supports policy-based management, steering of traffic flows to existing security devices and centralizes the SSL decrypt/encrypt function through multi-layered security, dynamic service chaining, topology selections and security policies.

Prerequisites

The following free web-based training courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience.

Getting Started with BIG-IP web-based training
Getting Started with SSL Orchestrator (SSLO) web-based training

The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:

OSI model encapsulation
Routing and switching
Ethernet and ARP
TCP/IP concepts
IP addressing and subnetting
NAT and private IP addressing
Default gateway

The following course-specific knowledge and experience is suggested before attending this course:

HTTP, HTTPS protocols
TLS/SSL

Security services such as malware detection, data loss/leak prevention (DLP), next-generation firewalls (NGFW), intrusion prevention systems (IPS), and Internet Content Adaptation Protocol (ICAP)

Audience Profile

This course is intended for network administrators and Security Operations responsible for installation, setup, configuration, and administration of the F5 SSL Orchestrator system.

Learning Objectives

Understand basic use cases for decryption and re-encryption of inbound and outbound SSL/TLS network traffic
Create dynamic service chains of multiple security services
Configure security policies to enable policy-based traffic steering
Add SSL visibility to existing applications
Deploy SSL Orchestrator configurations based on topology templates
Troubleshoot an SSL Orchestrator deployment

Content Outline

Chapter 1: Introducing SSL Orchestrator

Internet Security and SSL Visibility
Introducing SSL Orchestrator and its role in network security
SSL Orchestrator Placement on the Network
Platform and Licensing Requirements

Chapter 2: Certificate Fundamentals

Overview of Internet Security Model
Understanding Certificate Use
Managing Certificates on SSL Orchestrator (BIG-IP)

Chapter 3: Architecture Overview

Inbound and outbound inspection
Cipher diversity
Broad topology and inspection device support
Dynamic service chaining and policy-based traffic steering
Advanced monitoring
Dynamic scaling and evaluation

Chapter 4: Guided Configuration

Reviewing the Landing Page
Selecting a Topology
Making SSL Certificate Configurations
Creating Services and Service Handling
Constructing a Service Chain
Building a Security Policy
Defining an Interception Rule
Examining Egress settings
Reviewing the Summary Page and Deployment
Exploring the SSL Orchestrator Dashboard

Chapter 5: Services

Relationship of devices to services
Inline layer 2, layer 3 and HTTP inspection services
ICAP and TAP passive inspection services

Chapter 6: Topologies

Selecting the appropriate topology
Benefits and limitations of topologies
Existing application integration
Layer 2 virtual wire concepts

Chapter 7: Components

Initial and subsequent forward proxy flow
Flow and header based signaling
Access components
Appropriate naming of service objects
Authentication
Tee connector design and flow

Chapter 8: Managing Security Policy

Creating security policies
Reviewing per-request policy for an outbound topology
Navigating Visual Policy Editor

Chapter 9: Solving SSL Orchestrator Problems

Collecting system information
Solving traffic flow issues
Guided Configuration and iAppLX issues
Troubleshooting with cURL
Traffic captures with tcpdump
Cleanup and deleting configurations

Chapter 10: SSL Orchestrator High Availability

Review BIG-IP High Availability
SSL Orchestrator High Availability (HA) Requirements
Installation and Upgrade Cautions
SSL Orchestrator in Scaled Mode
Troubleshooting SSL Orchestrator HA

FAQs

Q: What is the infrastructure required to attend your training program?

A: To attend the training session you should have an operational Desktops or Laptops with required specification along with good internet connection to access the labs.

Q: What if I miss a class on a particular day?

A: We would always recommend you to attend the live session to practice & clarify the doubts instantly and get more value from your investment. However, if due to some contingency if you have to skip the class Radiant Techlearning would help you with the recorded session of that particular day. However, those recorded sessions are not meant only for personal consumption and NOT for distribution or any commercial use.

Q: How I will be accessing the labs?

A: Radiant Techlearning has a data center containing the Virtual Training environment for the purpose of participant’s hand-on-practice. Participants can easily access these labs over Cloud with the help of remote desktop connection. Radiant virtual labs provides you the flexibility to learn from anywhere in the world and in any time zone.

Q: What kind of projects are included as a part of training?

A: The learners will be enthralled as we engage them the real world and industry Oriented projects during the training program. These projects will improve your skills and knowledge and you will gain better experience. These real time projects, they will help you a lot in your future tasks and assignments.

Send a Message.

Enroll

Configuring F5 SSL Orchestrator